Wednesday, December 18, 2013

Gmail Users: Google Makes Your Data More Secure, Owns a Bit More of Your Life

The lovely people at Google have just quietly released a new feature. Google's mail client now automatically shows images from all senders.

Apparently, this is safe now, because all images you see in Gmail will be proxied through Google's own servers. Now we don't have to worry about viruses and malware in images. Well, we didn't often worry about those in the past: images containing viruses are most often a hoax or the odd PoC, and of course there are some targeted attacks on poorly written image libraries, which would form the basis for a drive-by. These concerns, and their validity or otherwise, aren't the real reason we turned off images, are they?

No, we turned off images because we wanted to make the trade-off between marketing people tracking us and seeing the image. If the image was going to be useful, or worth seeing, we'd load images. If not, it was probably a "web bug" used to track opens and forwards by canny marketing types.

So, now you know that every image in your Gmail is definitely being tracked by canny marketing types - except it is those at Google, rather than the guys who sent the email, who are getting the full picture. Bear in mind also that this is implicitly an HTTPS man-in-the-middle attack. This means that if an image was previously sent securely end-to-end between the email sender and you, it has now resided in the clear somewhere on Google's servers. Of course it's still encrypted in transit - but at some point that image stopped being secure, its origin stopped being verifiable in the same way, and Google served it to you fresh.

I know that Google already know what you are doing with your Gmail, but this is one more fragment of your web browsing that's now hitting their servers before it hits the origin.

Yes, I fully appreciate the irony that this blog post resides on Google's infrastructure. They already know what I had for breakfast anyway.
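To make the "web bug" idea above concrete, here is an added example (not part of the original post) that audits an HTML email for remote images that look like tracking pixels. The heuristics, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs
import re

class ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # one attribute dict per <img> tag seen
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})

def looks_like_web_bug(attrs):
    """Return the reasons an <img> resembles a tracking pixel (assumed heuristics)."""
    url = urlparse(attrs.get("src", ""))
    if url.scheme not in ("http", "https"):
        return []  # cid:/data: images are embedded, so no remote fetch happens
    reasons = []
    if attrs.get("width") in ("0", "1") and attrs.get("height") in ("0", "1"):
        reasons.append("tiny dimensions")
    if re.search(r"display\s*:\s*none|visibility\s*:\s*hidden", attrs.get("style", ""), re.I):
        reasons.append("hidden by CSS")
    # A long opaque query value can carry a per-recipient identifier.
    if any(len(v) >= 16 for vals in parse_qs(url.query).values() for v in vals):
        reasons.append("long opaque token in query string")
    return reasons

def audit_email(raw):
    """Map each suspicious remote image URL in the HTML parts to its reasons."""
    findings = {}
    for part in message_from_string(raw).walk():
        if part.get_content_type() != "text/html":
            continue
        collector = ImgCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for attrs in collector.images:
            if reasons := looks_like_web_bug(attrs):
                findings[attrs["src"]] = reasons
    return findings

# Constructed sample message: a banner, a 1x1 pixel with a token, an inline logo.
SAMPLE = """\
Content-Type: text/html; charset=utf-8

<img src="https://shop.example/banner.png" width="600" height="120">
<img src="https://t.shop.example/o.gif?u=3f9a1c0e7b2d4c5fa8e1" width="1" height="1">
<img src="cid:logo">
"""
```
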

Wednesday, December 4, 2013

Don't Complain About Social Media Bores

Some of my older readers will remember a time before social media, when we had real friends, and talked about real things. They'll remember it fondly, and talk about those halcyon days of pints down the pub, phone calls and lovingly crafted snail mail. To be honest, we are probably better off with social media, but there's still a few things that we might miss. In the "good old days", you could easily avoid the boring guy who had only one topic of conversation (like how rotten his shifts at the mill were). Now we're stuck listening to "social media bores" because we know if we unfriend/unfollow them, they'll know, and it'll just be even worse.

After an in-depth meta-analysis and an extensive survey (OK, I hit Google and had a chat with 4 colleagues), it can be revealed that the top 5 "Social Media Bores" are:

1. The Braggart: This guy can't buy a replacement lightbulb without telling you why he's got the best.
Expect: Holiday bookings and new-car photos

2. "Guess where I am?": She can't help but tell you where she is, regardless of how dull it is.
Expect: "In Slough", "At the local shop", "Entering purgatory... where to next?"

3. The cat bore: Yes, we know you've got a cat, you use him as your profile picture.
Expect: Pictures considerably less funny/cute/well captioned than those already littering Facebook

4. The Cliffhanger: An unspecified emote - and we're all supposed to guess what's wrong?
Expect: "Feeling really sad", "Great news!" (and then nothing)

5. Captain Gullible: Is there a hoax this chap hasn't swallowed hook, line & sinker?
Expect: "Did you know water drains anticlockwise in Australia?"

Now comes the hard part. I want you to forgive these guys. I ask you this, not in the spirit of the holiday season, but because I have discovered that it is virtually impossible not to be a social media bore. Observe:

So, if you do want to say something you might think twice about tweeting, maybe hang on, and do it over a beer - or don't say it at all!

If you are interested, here's some of the research I didn't do:

Legal issues:

Workplace issues:

Family issues:

  • Try not to follow escort agencies on Twitter if anyone might be watching you
  • I'm told one of my colleagues once got told off by his mother for something he said on Facebook - didn't even make the local news though!